19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
by Michael Howard, David LeBlanc and John Viega
McGraw-Hill/Osborne 2005 (304 pages)
ISBN: 0072260858
Use this hands-on guide to secure your software by eliminating code vulnerabilities from the start. This book is essential for all software developers, regardless of platform, language, or type of application.
Table of Contents
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Foreword
Introduction
Sin 1 - Buffer Overruns
Sin 2 - Format String Problems
Sin 3 - Integer Overflows
Sin 4 - SQL Injection
Sin 5 - Command Injection
Sin 6 - Failing to Handle Errors
Sin 7 - Cross-Site Scripting
Sin 8 - Failing to Protect Network Traffic
Sin 9 - Use of Magic URLs and Hidden Form Fields
Sin 10 - Improper Use of SSL and TLS
Sin 11 - Use of Weak Password-Based Systems
Sin 12 - Failing to Store and Protect Data Securely
Sin 13 - Information Leakage
Sin 14 - Improper File Access
Sin 15 - Trusting Network Name Resolution
Sin 16 - Race Conditions
Sin 17 - Unauthenticated Key Exchange
Sin 18 - Cryptographically Strong Random Numbers
Sin 19 - Poor Usability
Appendix A - Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B - Summary of Do's and Don'ts
List of Figures
List of Tables
List of Sidebars |